December hacker losses plummeted by 60%, but 26 attack incidents indicate the real risk is not over yet

In December, cryptocurrency hacking incidents exhibited an interesting paradox: while the total losses significantly decreased, the attack frequency did not decline. This reflects deeper changes in hacker strategies and the complex evolution of security in the industry.

Dramatic Drop in Loss Data

According to blockchain security firm PeckShield, the losses from cryptocurrency hacking attacks in December 2025 were approximately $76 million, a sharp 60% decrease from $194.3 million in November, marking the largest monthly decline in 2025. At first glance, this number is encouraging, but the underlying story warrants closer attention.

Overview of Major Attacks in December

The Truth Behind the High Attack Frequency

Although total losses declined, approximately 26 significant attack events still occurred in December. What does this imply? Hackers’ strategies are quietly evolving.

Data indicates that in 2025, phishing losses decreased by 83% year-over-year, but this is not because attacks became less frequent. Instead, attackers changed their tactics. They shifted from pursuing large single gains to a “small amount, high frequency” strategy—average loss per victim decreased from a higher level to around $790, yet the total number of victims increased.

Three Major Changes in Hacker Strategies

• From large, infrequent attacks to small, frequent ones: In 2025, only 11 cases involved losses exceeding $1 million, far fewer than 30 in 2024, but the total number of attacks increased.
• Evolution of attack methods: Permit/Permit2 authorization phishing remains a primary tool, and new malicious signature attacks like EIP-7702 are rapidly emerging.
• More dispersed targets: Focus has shifted away from large projects to a broad range of small and medium users and beginners.

What Does This Mean?

On the surface, the significant decline in December’s loss data might create an illusion of improved security. However, in reality, this reflects the combination of two phenomena:

On one hand, several large-scale attacks occurred in 2025 (e.g., Bybit’s $140 million loss), which skewed the annual average upward. December did not see such mega-cases, so the monthly figure appears low.

On the other hand, the strategic adjustments by attackers indicate they are adapting to market conditions. As large projects strengthen their defenses, hackers turn to easier targets—ordinary users. This means the risk has not disappeared but has become more dispersed.

What to Watch Next

Based on current data, it can be anticipated that:

• Phishing and authorization attacks will remain the main threats, especially with new upgrades (such as Ethereum’s Pectra), as new attack methods continue to emerge.
• User education becomes increasingly important, as small, frequent attacks are more easily carried out through social engineering and deception.
• Browser security may become a focus area; the theft of Trust Wallet browser extension highlights this as a weak point.

Summary

The 60% reduction in hacker losses in December is indeed noteworthy, but the 26 attack events are equally significant. The true implication of this data is that the security situation in cryptocurrency has not markedly improved—only the forms of threats are changing. Attackers are optimizing their strategies, shifting from pursuing large single gains to widespread small-scale harvesting. For users, this means that the focus of defense should shift from worrying about large project breaches to enhancing personal security awareness—because you might be the next target.